CVE-2002-0807Cross-site Scripting in Mozilla Bugzilla

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mozilla Bugzilla
Timeline
PublishedAug 12
Latest updateApr 30

Description

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmozilla/bugzilla2.14, 2.14.1, 2.16+2

Patches

Patch: archives.neohapsis.comPatch: archives.neohapsis.com

🔴Vulnerability Details

2
GHSA
GHSA-w8hc-2m6m-68m6: Cross-site scripting vulnerabilities in Bugzilla 22022-04-30
CVEList
CVE-2002-0807: Cross-site scripting vulnerabilities in Bugzilla 22002-07-31

📋Vendor Advisories

1
Red Hat
security flaw2002-06-08

💬Community

1
Bugzilla
CVE-2002-0807 security flaw2018-08-16
CVE-2002-0807 — Cross-site Scripting in Mozilla | cvebase